c9e771a81d11701e67d8135c8a33797f57e37807668c9790305a617f65caa1ad

Analysis

max time kernel
441s
max time network
443s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
27/04/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CLIPStudioPaint.exe
Size

32.7MB
MD5

7eef51fe32ad9a7d0dc8ef15ffcc8db4
SHA1

f03ada8ee0e29fcd3e9f37a0d4866041d06cd365
SHA256

c9e771a81d11701e67d8135c8a33797f57e37807668c9790305a617f65caa1ad
SHA512

a24848e4a010e31fa256cce4a2eeec7447ed0f2a6c3a4cff13b91e5233f3990f67ce9ba4d44831635fb63b675d7915864b1a26f6ce7aad1d9c87f88bb8c8e575
SSDEEP

786432:bHmHIwjW2HkkkSmRtBwateQFllmZi1DRb5:yHIwW2HkNV6ateQ7Rb5

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\CSP_302w_setup.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe
Token: SeDebugPrivilege	5116	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5116	firefox.exe
5116	firefox.exe
5116	firefox.exe
5116	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5116	firefox.exe
5116	firefox.exe
5116	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5116	firefox.exe
5116	firefox.exe
5116	firefox.exe
5116	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 632 wrote to memory of 5116	632	firefox.exe	87
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 1556	5116	firefox.exe	88
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89
PID 5116 wrote to memory of 3704	5116	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\CLIPStudioPaint.exe
"C:\Users\Admin\AppData\Local\Temp\CLIPStudioPaint.exe"
1⤵
PID:5064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\CLIPStudioPaint.exe
"C:\Users\Admin\AppData\Local\Temp\CLIPStudioPaint.exe"
1⤵
PID:4820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.0.516166807\837567608" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aea33a5-eefe-4e97-bc2a-98bf8d8a5ba1} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 1896 2320eb25b58 gpu
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.1.1474496142\1854237679" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fe07701-07e6-4afa-943f-b7b9e44435d1} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 2420 23201c8ae58 socket
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.2.2022533051\350751357" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2976 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d59ed553-ad82-4a17-bb3b-b5df8b366773} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 3180 232112e7858 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.3.1662226106\500181466" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e48873ae-874a-495f-b35e-11734541e18c} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 3452 2321451f858 tab
    3⤵
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.4.1927490084\342334865" -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 5064 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b80fa0-09d7-495e-8f8a-c5db973845e9} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5092 23216ae0b58 tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.5.236283044\1749284597" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20657248-a5db-4a98-bd35-ab016342ba9b} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5220 23216adff58 tab
    3⤵
    PID:1196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.6.609750068\2029229161" -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5508 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01769a07-3eae-4554-9ea4-4cbb7b9081d2} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5436 23217037a58 tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.7.1683547151\1546922581" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5800 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d6d0005-5d00-4e72-9ccd-38413e7a6489} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5812 23218c29658 tab
    3⤵
    PID:4084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.8.810969718\1981261288" -childID 7 -isForBrowser -prefsHandle 3720 -prefMapHandle 5600 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f8b0b0f-6427-4d76-b09f-ddfcba4056fb} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5204 23211218e58 tab
    3⤵
    PID:1328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.9.1235125749\1862872419" -parentBuildID 20230214051806 -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74f6357b-6b60-4000-b36e-019911e90f5a} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 3552 23215c7e358 rdd
    3⤵
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.10.1375713940\1093529017" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 4384 -prefMapHandle 4380 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0970b3bf-3590-43e8-a65e-0bb2bc2a05e9} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 8988 23215c7ec58 utility
    3⤵
    PID:3576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.11.821295499\987865353" -childID 8 -isForBrowser -prefsHandle 8972 -prefMapHandle 10036 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de1f73db-52df-4829-b722-e7603d02eb31} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 8892 23215c7c558 tab
    3⤵
    PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.12.598025796\553516793" -childID 9 -isForBrowser -prefsHandle 5608 -prefMapHandle 5536 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d8c48f-6ab9-4d14-bc6d-8c17d2258720} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 9720 232170f7658 tab
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.13.439147783\165073408" -childID 10 -isForBrowser -prefsHandle 9064 -prefMapHandle 5532 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e3f830-e057-43fa-9d76-d5725307d376} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5248 23219272258 tab
    3⤵
    PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
d55d04a88ff878fab4f288fee8875e90

SHA1
b3c3266495c432f4b1c3569f1c4330ebe1d5af24

SHA256
ab52a810d359c51b51d133a71dcfb73d432183ca3b209eb3910700bc92ad14be

SHA512
53f201074e2c52188c345a9fcbf16c0f4c80faf16c85e5178de314bf934ff8a9bbeae8f7437379cf1018f3c36e45e99bc277fdd74e52cc76b52cd748bf8dd4cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\activity-stream.discovery_stream.json.tmp

Filesize
30KB

MD5
5d46b52af1a223492d982ebd2a2e0873

SHA1
4a191817569a8df53566a6fa94021d196b9dc736

SHA256
d9014d8b1e1e8bca216f9a8c07d562ef9097a32c786858ebfeeb9979892829fc

SHA512
27ae3918647749409cf4d57cf90d0a609ecf01b84f37527d1f13b9dbaa5c0a1fd37ebfb24c9de46db67891a2cd298d2fd187f90ee5e4d68e0cd3dad12e6f66ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\doomed\22810

Filesize
9KB

MD5
89d09bc197a6b3c12a6c663493dc931e

SHA1
5999df05d7dcb9972cb581bd7119eec7c0f80d18

SHA256
a59f7bb85e1509416477da98d8925f92fb88aad270d66ef7db86a71822f3501b

SHA512
13e051534844c4c67a7b55fe0ef039b9a30e10c51bfeca7db7f7c17ee81fb2eb7f664436b72bd0a191b8170f3de9deefd1372c885ae4f1c8ddcd73de7129c489

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\doomed\29328

Filesize
11KB

MD5
dfa4d6fde169c0192e6274c714a2fb65

SHA1
948de96edf4dc78059135bb4fef0488900d553af

SHA256
e94b061fedceb3b9f049cc199a31f0f4482c66ea5cc1dd9e0165dbd51b954097

SHA512
ef23f1fe7e9e15fc4495ca32a63ef6951681f19abb09ba2da06e817301d0c2e47bae3c1610c06c656f205cd64a175d35556492231ca46e33eb19aff8e80472e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\entries\8BD7794D7B9AA7408EA53B91F34BF0B56D2D835C

Filesize
48KB

MD5
35c22a44d2f1a9549e9aa1e30c36d960

SHA1
ef19a2e5a564bb77d589cddaacdb20cd9060f5df

SHA256
dec5f05061675b43248e5e9a07a593af4ca8e79b5f8a4d80bf67aceb9ea18633

SHA512
91d50e8143140896b0105d818992a46428a699358f050162a79159036d1e063457a278fdcbcca4f519778a12d48b31994eb798d47fee06aa57e504940b469e45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\entries\ACD751CF5D901775E0819BFBC0DB9DB0A030FD89

Filesize
25KB

MD5
d99423fd45b92a15b68431bcc534510e

SHA1
9ba5b978836c6df7c39764f39900364cb390d5e1

SHA256
31fb1936d94df4ca5d7983fb1edb9fa619243af6a470bd2a3caea9302074ae6c

SHA512
5997632c2373d6e6cf4ce9b3d04d965cfbc0580626781f974c1cba469ecd2eca7ca0d543ccc026f01f9504e55a1c8c12fe3c1ac8cbdf819165d2f299b626cd59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
85e5f074554f8b66fdd7ea43c94d80ec

SHA1
0ad6312b8500aac529b640c498a6f2d8977c2ce9

SHA256
4868ca53d113ec94f91dae4aa1e181088d115ebd75f6070e46ccb8f726cadfab

SHA512
85110a9dc254d88db017d1fce024bb1535375f94df516e4bd2504785dd5ba20fe8839c06037a063a1f40956b9a7cffb75badb578787fe0b867b0c61a55dcc192

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\entries\DB72C34648730E7683AFCC3DA6D6227F0F507B65

Filesize
24KB

MD5
c8bba50d27f4315edbfbe71880754215

SHA1
c6ffd4303d5d520506efa19305b8ece621979169

SHA256
0f95a26e135d6200f3aaaf5ff7352f2e2296a4bf7ae9ecca1b36492d1275061e

SHA512
32d983e3ff0bc7186b235458767943bcc1824f18f43672fb712717455bc9bc18f0b157dd7c08622b950f34127e6dc55e6dcf66cf8a55fa1b7c20d8a5b3440b0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\prbn7a8y.default-release\cache2\entries\FAC88588AA526475FE8C12552856C8F3FA06A5E4

Filesize
28KB

MD5
5b45ac40a42cda12735e0be273b3aee9

SHA1
489a27c8667c5d377093c40ead05c6304cc3effb

SHA256
e945a860c94c91a38d3eb3fb3543b00af1aac46378e4412afa69bf4e6c92458f

SHA512
134ec8269fcc0e75a072b645905e1ca0b236e40c27d1429bc2d7a9bd7e2bc27a1d6cedf60a4b42c617f843a9b5d472a29c54758adf698dd53faa4f259666f7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
8642edeb684fdb3b2d983437cabec972

SHA1
7de2622b4b814611417a5359d0d2005e703a5cf2

SHA256
ded70a193dfdb4063e4001eb7b1ff2fe555cee54926c63a05e6eabdfc0d9833f

SHA512
37f1b5b44ec46ce144d10d49e0d66e2481c719cf6177fb93f3df166d1769cc6f0f49945df9220202da0d8619a1bbfb40bf5f6b66de54c1a7dbe0788ed1792b69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\prefs-1.js

Filesize
8KB

MD5
2228e7df5511752177b822357a724da8

SHA1
4bd9453b6a77328bffc25f3fedc246a06d59ee82

SHA256
bdc017eeea7cf0eedb809de02b7fab0dbb544aadd28b894c1dc1ccf3e2b091bd

SHA512
ef6dcc786d3d1223ef7a23be1e5980f5968fda435b23f0c66ab25060d49e4370cb5c75241f05f080beeac0e88620d87f24b71765c9a823997862dc9e50e2228c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\prefs-1.js

Filesize
7KB

MD5
d5824d6d68c696ddb443e0a6385387cf

SHA1
3cca2be480fc7f7ad8d02162f8e02c7c45c8e8a0

SHA256
14211cb1aefc55cb5587e4b9c3b6ca164faef2cdef5c8471059ff6f8a98ceff1

SHA512
e7a4f36894e674249173357dff8a11e54a39182b6a77303ce9313f17d7700f05a923430d694eda67a6045e63d4bfa47c45b3428582f601b1e9c69ff1bb7d0a34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4c0751e50cebd94c192f83f43b4aba64

SHA1
ab923cb39b0765791ce61eeacdcf0ca896fc521c

SHA256
2b57017ba929ece27b06fc2b005f02b90c151fa064c8fe90803052ec346cc6d5

SHA512
923ea83201c7334cb260314a1a693d404d3606e900ed2da256bb84bf25181e0281eb61a959357f2b60f596cfc0c064777f93d1beb2095aee04f34bb59cbfa659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c83f522fedf1108a85a2a8d5cab902a1

SHA1
3f3a8c9a2976d25e768aefe59fa2eaa19c4d58e5

SHA256
8bde85a8a098254c350c51c0ca432be855c721f8b9595e18fa7b57087bad83c8

SHA512
1977752d8d5dda2f0c30cf77647e7d8c43d1143d5ceb76a527e2aa755c47eb466e20f9a179f9839da5321b6cbb3dc7af2ebb740aab93dccf9f85fe6a35660bb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
22f2c9ae417fc22ab889c815ca6f8e39

SHA1
ee9a88b61df1ebb875b8a83a9aec499ca04078ff

SHA256
e9af7cc539649fef7c753db4bf00352ccea79fa5b359ee0f2a4f3e01578b3cc9

SHA512
6421720feb5ba725a4d90a7636db19030a518eb9d83de4bf0a38e518ca55e8f014d7bc990e718473fe33897a3d7982a86d26cea28a61386180652f1c70fadd88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7ad2e6d49db7b7ff07ca34b5a32ecc6c

SHA1
6df943a74194a4a87046e58ec167d5f498d1e23c

SHA256
62932ddfad71539e4e7f655f45a789ab9f3374e06daabab942cafb4c2bd4b323

SHA512
3bb34c1d37a0a1fdfd64eaa678f0e85317af15a2d75bbaadb96d8cabef38682371e5e09f517b2e37e9880722c27ae175eb66ddc315d9e035907423e71c32ebef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cclipstudio.net%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
fa007133eae6ce7a0af98d474ab459f6

SHA1
791bcd4cebe458f28137ff0a52d8312c4d671da5

SHA256
ffaacc38058ee302098cb4310e973e8c0ebe7fc0171eba56a4c107c3ee74b42d

SHA512
390c13f981524818d88c9e28889f84197d1f8eeb6874cc3f04097e75796ee38eb90c3c8055d5d1204d69611e0315155e4fef70bce375569532a10da302d91f6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cclipstudio.net%29\idb\2171031483YattIedMb.sqlite-wal

Filesize
20KB

MD5
cb438871c49b143338c5d73f7a0a551e

SHA1
c6841e5391277172d7d2a239c6bf42b7cc7277ea

SHA256
23f6e3b0f431cbba35f34a5d77956b0e5376f5c539471c08a21a386b96115a26

SHA512
53e276de892676d4d97a4108b969dbf6e7c09aca1a84eb1b50adbbfa4f1868412ea700bab44e36a3ee1914606962a4e6cc0e784dd109c9bf5c79c36024a9a4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\prbn7a8y.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
7255341b48c0ed81af67aa8f659bc018

SHA1
7349634d1a467a2e6ffa74f5d187ac68f297f451

SHA256
5dadad7edd05465bbdab40a088f2b232baaff4130689419edb07667f43016c25

SHA512
32ab7426dc78573b4d9d022364aac833cdaea8b06af689d50b8508bae2ef36ea2896ec8fee2976b0e311d0be3b2ef129394e3315208236e1425f7c94e1a4d524

Download Submit
C:\Users\Admin\Downloads\CSP_302w_setup.exe

Filesize
435.3MB

MD5
98d0d37fd4a172fe498c564b33ad1c4b

SHA1
07129de42431728fd39809b70bc048d4477ba392

SHA256
feb3b388e2e6a5aeca1c6689f1abc4ed228090877d23b3c2e71cde85dc175c61

SHA512
739d56e4c4ee20d871bcdf27ee2079f72bcdf73f3e4c491427acadddcb53ec18f0caa2654a03f62788d34afd4a3571891cf26907336dfaba7345e0e28e6b20e6

Download Submit